Deploying vCenter 7.0 via the CLI
Recently I decided it was time to add a second vCenter 7.0 Appliance to my main lab environment after the lab containing my SRM and vSphere Replication installation ceased to exist…
I thought I would take the CLI route as its been a while, and thought I’d share!
To begin, you need to decide what you are deploying. There are four deployment options available to you, which you can see listed below. To see the options, mount the vCenter ISO image, browse to vcsa-cli-installer\templates\install, and you will find 4 templates;
- Embedded on ESXi
- Embedded on VC
- Embedded replication on ESXi
- Embedded replication on VC.
Note there is not a distributed option here anymore as this is depreciated in 7.0.
For my lab I will be using the 3rd option; ‘Embedded replication on ESXi’. Firstly because I’m deploying to a standalone host and not to an existing vCenter. Secondly as I already have an existing VCSA and SSO Domain. This new VCSA will be added, or linked to the existing VCSA for my ‘Recovery’ site, in my Site Recovery Manager (SRM) setup.
If you are looking to deploy your first VCSA, onto a standalone host, you will want to use the ‘Embedded on ESXi’ template.
Once you have decided on the template that suits your scenario, you are going to add some details to this template, such as the ESXi host information you are deploying to, networking information, NTP and in my case SSO details as I will be adding it to an existing SSO Domain. One important value is the deployment size (deployment_option in the example below).
A useful command that can be run to help you decide what size appliance is suitable for your needs is:
vcsa-deploy --supported-deployment-sizes
This outputs the vCenter sizing to assist you. It shows you the resource requirements as well as the amount of hosts and VM’s each can support.
For my lab, ‘tiny’ covers my needs.
Here is the json file I used for the deployment in my lab. I have excluded the passwords for obvious reason, but it can be ran like this, and will prompt you for the passwords in the terminal.
{
"__version": "2.13.0",
"__comments": "Sample template to deploy a vCenter Server Appliance with an embedded Platform Services Controller as a replication partner to another embedded vCenter Server Appliance, on an ESXi host.",
"new_vcsa": {
"esxi": {
"hostname": "smt-lab-esx-04.smt-lab.local",
"username": "root",
"password": "",
"deployment_network": "vSS_PG_Management",
"datastore": "smt-lab-vmfs-02a"
},
"appliance": {
"__comments": [
"You must provide the 'deployment_option' key with a value, which will affect the VCSA's configuration parameters, such as the VCSA's number of vCPUs, the memory size, the storage size, and the maximum numbers of ESXi hosts and VMs which can be managed. For a list of acceptable values, run the supported deployment sizes help, i.e. vcsa-deploy --supported-deployment-sizes"
],
"thin_disk_mode": true,
"deployment_option": "tiny",
"name": "smt-lab-vcsa-02"
},
"network": {
"ip_family": "ipv4",
"mode": "static",
"system_name": "smt-lab-vcsa-02.smt-lab.local",
"ip": "10.200.15.249",
"prefix": "24",
"gateway": "10.200.15.254",
"dns_servers": [
"10.200.15.10"
]
},
"os": {
"password": "",
"ntp_servers": "0.uk.pool.ntp.org",
"ssh_enable": true
},
"sso": {
"password": "",
"domain_name": "vsphere.local",
"first_instance": false,
"replication_partner_hostname": "smt-lab-vcsa-01.smt-lab.local",
"sso_port": 443
}
},
"ceip": {
"description": {
"__comments": [
"++++VMware Customer Experience Improvement Program (CEIP)++++",
"VMware's Customer Experience Improvement Program (CEIP) ",
"provides VMware with information that enables VMware to ",
"improve its products and services, to fix problems, ",
"and to advise you on how best to deploy and use our ",
"products. As part of CEIP, VMware collects technical ",
"information about your organization's use of VMware ",
"products and services on a regular basis in association ",
"with your organization's VMware license key(s). This ",
"information does not personally identify any individual. ",
"",
"Additional information regarding the data collected ",
"through CEIP and the purposes for which it is used by ",
"VMware is set forth in the Trust & Assurance Center at ",
"http://www.vmware.com/trustvmware/ceip.html . If you ",
"prefer not to participate in VMware's CEIP for this ",
"product, you should disable CEIP by setting ",
"'ceip_enabled': false. You may join or leave VMware's ",
"CEIP for this product at any time. Please confirm your ",
"acknowledgement by passing in the parameter ",
"--acknowledge-ceip in the command line.",
"++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++"
]
},
"settings": {
"ceip_enabled": true
}
}
}
Once you have prepared your file, there are a couple of commands you can run from a PowerShell prompt to validate your configuration before deploying, saving you some time should mistakes have been made. The first being:
.\vcsa-deploy.exe install --accept-eula --acknowledge-ceip --verify-template-only <Path to json File>
This completes some basic checks to ensure your json file is correct, here is a successful output:
![[START] Start executing Task: To validate CLI options at
Command line arguments verfied .
[SUCCEEDED] Successfully executed Task 'CLIOptionsVaIidationTask: Executing CLI
optionsvalidation task' in TaskFIow 'template_validation' at
[START] Start executing Task: To validate the syntax of the template. at
Template syntax validation for template
'M: . json' succeeded .
Syntax validation for all templates succeeded .
[SUCCEEDED] Successfully executed Task 'SyntaxVaIidationTask: Executing
Template Syntax Validation task' in TaskFIow 'template_validation' at
[START] Start executing Task: To check the version of each template, and for
each older template that supports CEIP, convert it to the latest template
format, and save it to the Template Blackboard at
Template version processing for template
'M: . json' succeeded .
Version processing for all templates succeeded .
[SUCCEEDED] Successfully executed Task 'VersionprocessingTask: Executing
Template Version processing task' in TaskFIow 'template_validation' at
[START] Start executing Task: To validate the template structure against the
rules specified by a corresponding template schema. at
Template structure validation for template
'M: . json' succeeded .
Structure validation for all templates succeeded .
[SUCCEEDED] Successfully executed Task 'StructureVaIidationTask: Executing
Template Structure Validation task' in TaskFIow 'template_validation' at
[START] Start executing Task: To create a dependency graph for the provided
templates, with an edge pairing two templates that are dependent on each other.
Such graph relationships will affect whether certain templates can be deployed
in parallel, or must be deployed sequentially. at
Dependency processing for all templates succeeded .
[SUCCEEDED] Successfully executed Task 'DependencyprocessingTask: Executing
Template Dependency processing task' in TaskFIow 'template_validation' at
Template verification completed .
----------------------------------= 12 : l€:eu](https://stephanmctighe.files.wordpress.com/2021/01/image-1.png?w=743)
Secondly:
.\vcsa-deploy.exe install --accept-eula --acknowledge-ceip --precheck-only <Path to json File>
This will perform a more in depth validation, checking things like the credentials for your SSO domain, DNS or whether the IP or name you plan to use for your VCSA is in use already.
Note: Make sure you have your DNS setup correctly and is resolving the appliance FQDN!
It will also provide warnings if it thinks you might not be using an appropriate template. I originally specified a host what was already managed by vCenter, so it warned me like so:
You will get a similar output to the first command, should you pass all the tests. If not you will need to look at resolving them to ensure you get a successful deployment.
The Install!
Once you are confident you have everything in place, including DNS, and your configuration files are correct, you are ready to install:
.\vcsa-deploy.exe install --accept-eula --acknowledge-ceip --no-ssl-certificate-verification <Path to json File>
Here is a cut down version of the output you will see during the deployment:
====== [START] Start executing Task: To validate CLI options at 12:46:25 ====== Command line arguments verfied. [SUCCEEDED] Successfully executed Task 'CLIOptionsValidationTask: Executing CLI optionsValidation task' in TaskFlow 'template_validation' at 12:46:26 [START] Start executing Task: To validate the syntax of the template. at 12:46:27 Template syntax validation for template 'M:\Software\VMware\vCenter\embedded_vCSA_replication_on_ESXi.json' succeeded. Syntax validation for all templates succeeded. ====== [START] Start executing Task: Perform precheck tasks. at 12:46:39 ====== [START] Start executing Task: Verify that the provided credentials for the target ESXi/VC are valid at 12:46:45 The certificate of server 'smt-lab-esx-04.smt-lab.local' will not be verified because you have provided either the '--no-ssl-certificate-verification' or '--no-esx-ssl-verify' command parameter, which disables verification for all certificates. Remove this parameter from the command line if you want server certificates to be verified. ================== [START] Start executing Task: at 12:47:47 ================== = [SUCCEEDED] Successfully executed Task '' in TaskFlow 'install' at 12:47:47 = [START] Start executing Task: Check whether the datastore's free space accommodate the VCSA's deployment option at 12:47:51 [SUCCEEDED] Successfully executed Task 'Running precheck: TargetDsFreespace' in TaskFlow 'install' at 12:47:51 ==========VCSA Deployment Progress Report========== Task: Install required RPMs for the appliance.(RUNNING 5/100) - Setting up storage VCSA Deployment is still running ==========VCSA Deployment Progress Report========== Task: Install required RPMs for the appliance.(SUCCEEDED 100/100) - Task has completed successfully. Task: Run firstboot scripts.(SUCCEEDED 100/100) - Task has completed successfully. Successfully completed VCSA deployment. VCSA Deployment Start Time: 2020-12-28T13:19:19.291Z VCSA Deployment End Time: 2020-12-28T14:18:27.103Z [SUCCEEDED] Successfully executed Task 'MonitorDeploymentTask: Monitoring Deployment' in TaskFlow 'embedded_vCSA_replication_on_ESXi' at 14:18:45 Monitoring VCSA Deploy task completed The certificate of server 'smt-lab-vcsa-02.smt-lab.local' will not be verified because you have provided either the '--no-ssl-certificate-verification' or '--no-esx-ssl-verify' command parameter, which disables verification for all certificates. Remove this parameter from the command line if you want server certificates to be verified. == [START] Start executing Task: Join active domain if necessary at 14:18:59 == Domain join task not applicable, skipping task [SUCCEEDED] Successfully executed Task 'Running deployment: Domain Join' in TaskFlow 'embedded_vCSA_replication_on_ESXi' at 14:18:59 [START] Start executing Task: Provide the login information about new appliance. at 14:19:10 Appliance Name: smt-lab-vcsa-02 System Name: smt-lab-vcsa-02.smt-lab.local System IP: 10.200.15.249 Log in as: Administrator@vsphere.local [SUCCEEDED] Successfully executed Task 'ApplianceLoginSummaryTask: Provide appliance login information.' in TaskFlow 'embedded_vCSA_replication_on_ESXi' at 14:19:10 =================================== 14:19:16 ===================================
Once complete, you will now have a second vCenter appliance deployed in Linked mode with the original. Here it is once I had configured a datacenter and cluster with two hosts.
![v @ smt-lab-vcsa-02_smt-lab.locaI
smt-lab-dc02
a:] smt-lab-cl-wl-02a
(Maintenance Mode)
smt-lab-esx-07_smt-lab_local (Maintenance Mode)](https://stephanmctighe.files.wordpress.com/2021/01/image-3.png?w=452)
And there you have it, thanks for reading!
Stephan McTighe 